If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

It doesn't matter how "robust" your password is if a hacker can actually read it. There's a low probability here, as a hacker would have to intercept the data stream as the password was sent across and capture it, but there are people out there with equipment and determination to do just that. They don't even have to capture the password in a fraction of a second, but could grab a great chunk of data traffic, then analyse it later to gather passwords. They would probably use automatic tools for that. Also, while a single hacker might not be able to do very much, groups of hackers could work in collaboration.

Whether for non critical sites (I'm assuming AoS is one such - do I really care if anyone knows what CDs I like, whether I have any vinyl, what my cartridge preferences are etc.?) hackers could build up information which they would consider useful and use against me or us collectively I don't know.

AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning

Regards,
Grant ....

I've said it before and I'll say it again: democracy simply-doesn't-work

AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning

It's possible to have ssl/https connections only for the login phase I think. Given that most of the traffic can be visible to anyone who wants to intercept it, the main concern must be if users are likely to use similar passwords for different sites.

AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your [sic] getting the warning

Nope. Clicking on the little 'i' in the circle to the left of the URL window shows that it is the http:// variant of AoS (i.e. the only variant). It's a recent Firefox feature I think since version 51. There is a drop down menu with more options and info.

AOS was never set up to have https security as it didnt warrant it. Nick disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net. trying to use https should default you back to http. maybe thats why your getting the warning

Grant is right. AOS is currently not configured to work over HTTPS / SSL. Out of the box, vBulletin was historically a bugger to get working over HTTPS. This is now less of an issue, but it still requires additional (expensive) certificates, and since we're not running ecommerce (an online shop) or carrying out banking or other stuff which requires encrypted connections between you and the site, it's not something we've pursued.

There is a movement towards forcing sites to use HTTPS when requiring passwords to log-on. I think this is fair enough for sites where the risk from someone 'hacking' your connection and intercepting your traffic (like with a shop, or bank), but for a forum like this? It's not something I'd worry about.

If the message bugs you and you still want to use Firefox, this link tells you how to disable the warning:

If you do disable the warning, and even if you don't, I recommend using the HTTPS Everywhere plugin from the EFF. This ensures that you always connect to Secure Sites via HTTPS if HTTPS is supported. If a site has enabled HTTPS it's because they think you need it, and in that case, you're better with it than not